Re: [lamps] [Mathmesh] pkix-keyinfo content type

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Thu, 12 September 2019 16:41 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] [Mathmesh] pkix-keyinfo content type
Thread-Index: AdVpiOhoiMIaQgPGTI+qS8PjruRemg==
Date: Thu, 12 Sep 2019 16:41:42 +0000
Message-ID: <AM0PR10MB2402708AC5BBFBA3ABD21D1BFEB00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tFxlkrIF7oWQeSMrykCQ7PLJEq8>
Subject: Re: [lamps] [Mathmesh] pkix-keyinfo content type

Michael

I just read through your email.
I like your statement on the subjectKeyId in end entity certificates as it is quite handy to identify the public key to use in the protocol context.

> As SubjectKeyIdentifier can be calculated by any suitable way and used 
> if it is present, it's only for the case that it is not present that is a problem.
> Typically only CA:TRUE certificates are supposed to have it present.  
> I'd like it to be present for all certificates.

I was quite sad to see that the subjectKeyId is not recommended in DevID certificate profiles in IEEE 802.1AR.
Finally, the subjectKeyId is not only helpful to identify the issuing CA key/certificate but also, e.g., the signing key/certificate for a JSON, XML or CMS object.
Also within CMP messages the subjectKeyId can be used in the message header (senderKeyId) to clearly identify the key/certificate to use to validate the CMP protection. This makes the code to pick the right key/certificate much easier.
I typically recommend using this extension also for end entity certificates in my company.

Hendrik
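As an added illustration (not code from this thread or from any CMP implementation), the key-selection logic Hendrik describes: look up the key/certificate by the SubjectKeyIdentifier when the certificate carries one, and otherwise fall back to computing it from the SubjectPublicKeyInfo with RFC 5280 section 4.2.1.2 method (1). The SPKI bytes below are a constructed EC P-256 encoding with a made-up point; only the DER shape matters for the hash.

```python
import hashlib

# Constructed sample: DER SubjectPublicKeyInfo for an EC P-256 key with a
# made-up 64-byte point (not a real key; only the encoding shape matters).
SAMPLE_POINT = bytes(range(1, 65))
SAMPLE_SPKI = (
    bytes.fromhex("3059"                    # SEQUENCE, 89 bytes
                  "3013"                    # SEQUENCE AlgorithmIdentifier, 19 bytes
                  "06072a8648ce3d0201"      # OID id-ecPublicKey
                  "06082a8648ce3d030107"    # OID prime256v1
                  "034200")                 # BIT STRING, 66 bytes, 0 unused bits
    + b"\x04" + SAMPLE_POINT
)

def _read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; returns (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def key_identifier(spki_der):
    """RFC 5280 4.2.1.2 method (1): SHA-1 over the subjectPublicKey BIT STRING
    value, excluding tag, length and the leading unused-bits octet."""
    tag, spki, _ = _read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = _read_tlv(spki, 0)          # skip AlgorithmIdentifier
    tag, bits, _ = _read_tlv(spki, pos)
    if tag != 0x03:
        raise ValueError("expected subjectPublicKey BIT STRING")
    return hashlib.sha1(bits[1:]).digest()  # bits[0] is the unused-bits count

def select_key(keystore, cert_ski, spki_der):
    """Pick the keystore entry for a certificate. Prefer the SKI extension value
    (issuers may derive it any way they like); only when the extension is absent
    compute it locally with method (1), which then must match how the keystore
    was indexed."""
    ski = cert_ski if cert_ski is not None else key_identifier(spki_der)
    return keystore.get(ski)

# Hypothetical keystore indexed by SKI: label of the key/certificate to use.
KEYSTORE = {key_identifier(SAMPLE_SPKI): "ee-signing-key",
            b"\xaa" * 20: "issuing-ca-key"}
```

The fallback path is exactly the case the quoted text calls out: without the extension the receiver has to recompute, and that only works when sender and receiver agree on the derivation method.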